Morgan Stanley

Your Personal Info Could Be

Exposed Online After

This Hospital Breach

Breach Description

Morgan Stanley faced significant data security lapses, leading to the exposure of customer personal information. The breach was primarily due to the company’s failure to properly decommission and erase unencrypted data from its computers and servers before they were auctioned off or went missing. This negligence resulted in the compromise of personal information, including data belonging to 1.1 million New Yorkers and affecting millions of customers nationwide.

The New York Attorney General, Letitia James, along with a coalition of attorneys general from Connecticut, Florida, Indiana, New Jersey, and Vermont, secured a $6.5 million settlement from Morgan Stanley for these failures. The settlement requires Morgan Stanley to implement stronger data security measures, including maintaining a comprehensive information security program, encrypting all personal information, and maintaining a vendor risk assessment team to ensure compliance with data security requirements[1][11][12].

This incident is part of a series of data breaches and security lapses at Morgan Stanley, including a previous $35 million fine by the SEC for failing to adequately protect the personal information of approximately 15 million customers[6]. The breaches involved missing equipment and the improper disposal of devices containing customer personal information, highlighting significant shortcomings in Morgan Stanley’s vendor controls and hardware inventory management[5][9][10][15].

Morgan Stanley’s data security incidents underscore the importance of robust data protection practices and the need for financial institutions to take their responsibility to safeguard customer information seriously. The settlement and the required improvements in Morgan Stanley’s data security practices aim to prevent future breaches and protect consumers’ personal information[1][11][12].

Citations:

  1. https://ag.ny.gov/press-release/2023/attorney-general-james-and-multistate-coalition-secure-65-million-morgan-stanley
  2. https://www.reuters.com/business/finance/morgan-stanley-says-some-personal-data-stolen-after-data-breach-2021-07-08/
  3. https://www.reuters.com/business/finance/morgan-stanley-hit-bankers-with-up-1-mln-penalties-messaging-breaches-ft-2023-01-26/
  4. https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf
  5. https://www.thinkadvisor.com/2020/08/28/morgan-stanley-hit-with-data-breach-suit-tied-to-missing-equipment/
  6. https://www.huntonprivacyblog.com/2022/09/21/sec-fines-morgan-stanley-35-million-for-alleged-failure-to-protect-customer-data/
  7. https://www.reuters.com/business/finance/morgan-stanley-is-fined-by-us-regulator-municipal-securities-violations-2024-02-15/
  8. https://motiva.net/morgan-stanley-data-breach/
  9. https://resource-recycling.com/e-scrap/2022/10/12/morgan-stanley-pays-millions-more-in-wake-of-itad-mishaps/amp/
  10. https://www.securityweek.com/morgan-stanley-ordered-to-pay-6-5-million-for-exposing-customer-information/
  11. https://www.legaldive.com/news/morgan-stanley-fined-65m-client-data-breach-ny-ag/700229/
  12. https://brooklyneagle.com/articles/2023/11/21/attorney-general-secures-6-5-million-from-morgan-stanley/
  13. https://www.bloomberg.com/news/articles/2023-01-26/morgan-stanley-fines-bankers-over-messaging-breaches-ft-reports
  14. https://www.law.com/newyorklawjournal/2023/11/16/morgan-stanley-to-pay-six-states-6-5m-to-resolve-probe-of-data-security-breach/?slreturn=20240015070541
  15. https://www.cnn.com/2022/09/20/business/morgan-stanley-fine-customer-data/index.html
  16. https://www.cnbc.com/2023/11/16/morgan-stanley-fined-over-computers-with-personal-data.html
  17. https://www.courant.com/2023/11/16/banking-giant-pays-6-5m-for-data-breach-in-ct-200000-had-personal-information-exposed/
Breach Submission Date Apr 18, 2023
Converted Entity Name Morgan Stanley
Converted Entity Type Health Plan
State NY
Individuals Affected 535
Breach Type Unauthorized Access/Disclosure

Breach Information Location Paper/Films

Business Associate Present Yes